III - Administrative Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000342-GPOS-00133
<GroupDescription></GroupDescription>Group -
CA VM:Secure product audit records must offload audit records to a different system or media.
<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common...Rule Medium Severity -
SRG-OS-000479-GPOS-00224
<GroupDescription></GroupDescription>Group -
CA VM:Secure product audit records must be offloaded on a weekly basis.
<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common...Rule Medium Severity -
SRG-OS-000379-GPOS-00164
<GroupDescription></GroupDescription>Group -
The IBM z/VM Portmapper server virtual machine userID must be included in the AUTOLOG statement of the TCP/IP server configuration file.
<VulnDiscussion>Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. B...Rule Medium Severity -
SRG-OS-000312-GPOS-00124
<GroupDescription></GroupDescription>Group -
CA VM:Secure product MANAGE command must be restricted to system administrators.
<VulnDiscussion>Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have di...Rule Medium Severity -
SRG-OS-000326-GPOS-00126
<GroupDescription></GroupDescription>Group -
The CA VM:Secure LOGONBY command must be restricted to system administrators.
<VulnDiscussion>In certain situations, software applications/programs need to execute with elevated privileges to perform required functions....Rule Medium Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
The IBM z/VM CP Privilege Class A, B, and D must be restricted to appropriate system operators.
<VulnDiscussion>Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or proce...Rule Medium Severity -
SRG-OS-000329-GPOS-00128
<GroupDescription></GroupDescription>Group -
The IBM z/VM JOURNALING statement must be properly configured.
<VulnDiscussion>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise...Rule Medium Severity -
SRG-OS-000425-GPOS-00189
<GroupDescription></GroupDescription>Group -
The IBM z/VM TCP/IP SECUREDATA option for FTP must be set to REQUIRED.
<VulnDiscussion>Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, for examp...Rule Medium Severity -
SRG-OS-000297-GPOS-00115
<GroupDescription></GroupDescription>Group -
IBM z/VM TCP/IP config file INTERNALCLIENTPARMS statement must be properly configured.
<VulnDiscussion>Remote access services, such as those providing remote access to network devices and information systems, which lack automate...Rule Medium Severity -
SRG-OS-000425-GPOS-00189
<GroupDescription></GroupDescription>Group -
All IBM z/VM TCP/IP servers must be configured for SSL/TLS connection.
<VulnDiscussion>Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, for examp...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.